Security Government Privacy The Almighty Buck Windows

NSA-Leaking Shadow Brokers Just Dumped Its Most Damaging Release Yet (arstechnica.com) 111

An anonymous reader quotes a report from Ars Technica: The Shadow Brokers -- the mysterious person or group that over the past eight months has leaked a gigabyte worth of the National Security Agency's weaponized software exploits -- just published its most significant release yet. Friday's dump contains potent exploits and hacking tools that target most versions of Microsoft Windows and evidence of sophisticated hacks on the SWIFT banking system of several banks across the world. Friday's release -- which came as much of the computing world was planning a long weekend to observe the Easter holiday -- contains close to 300 megabytes of materials the leakers said were stolen from the NSA. The contents (a convenient overview is here) included compiled binaries for exploits that targeted vulnerabilities in a long line of Windows operating systems, including Windows 8 and Windows 2012. It also included a framework dubbed Fuzzbunch, a tool that resembles the Metasploit hacking framework that loads the binaries into targeted networks. Independent security experts who reviewed the contents said it was without question the most damaging Shadow Brokers release to date. One of the Windows zero-days flagged by Hickey is dubbed Eternalblue. It exploits a remote code-execution bug in the latest version of Windows 2008 R2 using the server message block and NetBT protocols. Another hacking tool known as Eternalromance contains an easy-to-use interface and "slick" code. Hickey said it exploits Windows systems over TCP ports 445 and 139. The exact cause of the bug is still being identified. Friday's release contains several tools with the word "eternal" in their name that exploit previously unknown flaws in Windows desktops and servers.

  • by Anonymous Coward

    The NSA has done nothing wrong. It's their duty to protect the United States by spying on threats to national security. Whoever is leaking this information needs to be on the receiving end of a drone strike.

    • by Anonymous Coward

      And all the other nations are using the same exploits to spy on Americans. Deal with that, dumbass.

    • Preventing companies from repairing exploitable flaws in major software products is NOT something they should be doing.

      • Sitting on a zero-day vulnerability without telling the maintainers certainly makes the USA less secure and runs afoul of their duty to protect the USA...
         
        ...But have they actually prevented a company from fixing exploits? Like a court order telling Microsoft to leave a vulnerability in place?

    • by CaptainDork ( 3678879 ) on Friday April 14, 2017 @04:47PM (#54236855)

      It's their duty to protect their own goddam security and all Americans.

      Given that they know millions of Americans are at risk from exploits they have not reported to the vendors, by your logic, the NSA is a traitor organization and qualifies for a drone strike.

    • C'mon, if you're going to hold yourself out as a professional propagandist, at least put in the effort to get your possessive pronoun number agreement correct.

    • by Anonymous Coward

      You idiot, they are spying on innocent Americans too. This is the early stages of a supranational surveillance system paid for by idiot whores like you.

  • by 110010001000 ( 697113 ) on Friday April 14, 2017 @04:26PM (#54236779) Homepage Journal
    I use Windows 10. The safest OS ever made. Unbreakable.
  • Thanks, NSA (Score:2, Informative)

    by Anonymous Coward

    The Shadow Brokers advertised the names of these exploits in January. The NSA had 3 months to warn Microsoft. But nope. Enjoy the 0day shitstorm that's about to drop.

  • Wow, this code is really old. Almost 10 years old. You can tell by the excessive use of XML.
  • Advance notice? (Score:5, Insightful)

    by jodido ( 1052890 ) on Friday April 14, 2017 @04:58PM (#54236897)
    Anybody else wonder if Microsoft is cooperating with the NSA? Seems like there are a lot of security issues and I wonder why MS hasn't seemed to be able to find them and why the NSA has.
    • by rtb61 ( 674572 )

      Why has the NSA found them and M$ hasn't? Dude, seriously, now tell me where is the profit for M$ to find and fix bugs in their software. Does it help them to sell the next version, hmm, NO. Does it make them profit to do so, paying coders to review code that just barely works, hmm, NO. Does it prevent M$ from being prosecuted for failing to secure systems (when the users of M$ do get prosecuted for failing to secure systems, which once Windows has been installed, apparently cannot be secured), hmm, NO. Why

      • by Atryn ( 528846 )
        I don't think all the negative press is good for M$ or their Windows brand. People do have alternatives and this does make those alternatives look a bit better than before.

        BTW, where is the NSA's trove of Linux and MacOS exploits? How about an NSA trove of Android and iOS exploits? They must have them.
      • by jodido ( 1052890 )
        I think you're half right. Security is just an added expense. OTOH as someone else pointed out it's also good PR to say you've found x bug and have fixed it. And bad PR when it leaks that the NSA found all kinds of ways to exploit your software and you didn't. So there are costs on both sides. In the end the main reason I have no confidence in MS is that they are, after all, a very large American corporation, and the NSA and all the rest of the cop agencies exist to protect them. So why wouldn't they
  • by Anonymous Coward

    I wonder how many of these "unknown bugs" used by "slick code" were put there on purpose in Windows and how many are actual bugs.

    • by bill_mcgonigle ( 4333 ) * on Friday April 14, 2017 @05:24PM (#54237013) Homepage Journal

      I wonder how many of these "unknown bugs" used by "slick code" were put there on purpose in Windows and how many are actual bugs.

      If you talk to people who have seen the older parts of Windows source, you start to become less conspiratorial. Much of the code was written when these machines were only networked if the company had a Novell network (yeah, yeah, both of you who ran LANMan can pipe down) and security wasn't even on the RADAR. Modern programmers at Microsoft are either disgusted or terrified by it, from what I hear.

      Backwards compatibility cuts both ways.

      • by raymorris ( 2726007 ) on Friday April 14, 2017 @06:16PM (#54237165) Journal

        > Much of the code was written when these machines were only networked if the company had a Novell network (yeah, yeah, both of you who ran LANMan can pipe down) and security wasn't even on the RADAR.

        Indeed. Historically, it was DISK Operating System (DOS) on a PERSONAL Computer (PC) as opposed to the then-traditional NETWORK operating system on a time-sharing computer (which cost over $100,000). The point of DOS, the difference between Microsoft and what was already commonplace, was that the Microsoft OS was for cheap little computers used by one person, and not connected to a big corporate network. Instead of requiring many MBs of RAM, DOS could run in as little as 16KB of RAM by getting rid of all the stuff that wasn't needed on a PERSONAL, DISK-based computer - stuff like security, stuff like isolating the files and processes of one user from the rest of the system.

        This was a great idea. It worked brilliantly. Then the internet happened. Microsoft had a shit fit. Not only was their entire company based on PCs rather than the client-server model, but they had just spent millions upgrading Object Linking and Embedding (OLE), and named the new version COM. It was really cool - it let you do things like embed a picture in a Word document, or link a sound file from a picture. It was awesome. Then the web showed up with "img src" and "a href". Oh shit!

        Microsoft did exactly the right thing, making an OS for personal, home computers, which weren't on a network and therefore any security was unnecessary overhead that they removed. Then the sudden popularity of the web screwed them and they had to play catch-up for 15 years.

      • by davecb ( 6526 )

        An old employer was a Windows 2.0 licensee: it wasn't even supposed to be secure, it was to run on a machine that wasn't on a network, or was on a secure network.

        Can you say "red-book at system-low"? It was logical, but assumed there was no internet.

      • by mikael ( 484 )

        That's true. The first Ethernet adapters that came along for PCs were huge cards with a physical key lock and a user ID card. Everything was intended to run on official Ethernet cable; bright yellow or blue coaxial cables connected by vampire taps, which were simple blocks with three spikes that went through the coaxial sheathing and connected to the core copper, with LANs connected by bridges, routers and firewalls. Everything was intended to be static and predefined.
        For home business use, ISDN was the on

  • The other submission (Score:2, Informative)

    by Anonymous Coward
    The other submission, which mods ignored, contained a better list of the exploits: https://www.bleepingcomputer.c... [bleepingcomputer.com]
  • And why a certain foreign agent went to Korea a while back.

  • I think I'd prefer if the NSA *could* see those bank transactions. I'm not a fan of privacy in banking. If you want to do a transaction privately, that's what cash (and maybe cryptocurrency, that genie's out of the bottle) is for. Any privacy beyond that only provides enhanced convenience to criminals IMO. I'd prefer if all bank transactions were visible to law enforcement and tax authorities.

    • I'm happy if mine are visible so long as all the transactions investment banks make with one another are also visible.
  • "... the critical vulnerabilities for four exploits previously believed to be zerodays were patched in March, exactly one month before a group called Shadow Brokers published Friday's latest installment of weapons-grade attacks."

    https://arstechnica.com/securi... [arstechnica.com]
